Senior DevSecOps Engineer – CI/CD and Cloud Security

6 943 - 8 101 USD net per month - B2B
DevOps

Centrum, Krakow

ITDS

Full-time
B2B
Senior
Hybrid

Job description

Unleash innovation at the forefront of secure software delivery — shape the future of DevSecOps!
Krakow-based opportunity with hybrid work model, allowing up to 3 remote days per week.

As a Senior DevSecOps Engineer – CI/CD and Cloud Security, you will be working for our client, a leader in advancing secure and efficient software development pipelines. You will own and evolve the Jenkins Shared Library, powering multi-language builds (Java/Maven, Node/NPM, Python, Helm, Terraform, containers). Your expertise will ensure fast, secure, provenance-rich pipelines that reinforce supply-chain integrity across teams — driving innovation and security in software delivery.

Your main responsibilities:

  • Design and maintain Groovy pipeline steps (build, test, package, scan, deploy).
  • Extend Python tooling for SLSA provenance, SBOM generation, hash/digest accuracy, and security scan aggregation (SonarQube, Sonatype IQ, SAST/Container).
  • Optimize pipeline performance through parallel builds, caching, scope-reduced BOMs, and dependency prefetch.
  • Ensure artifact integrity with correct SHA1/SHA256 mapping, reproducible inputs, and evidence modeling.
  • Refactor legacy scripts to improve reliability and standardization.
  • Document ci-config.yaml standards and usage patterns.
  • Mentor engineers on secure pipeline development and supply-chain security practices.
  • Troubleshoot and prevent pipeline incidents to maintain smooth delivery.

You're ideal for this role if you have:

  • 5+ years of engineering experience with CI/CD platforms and DevSecOps.
  • Strong expertise in Jenkins and Groovy shared libraries.
  • Advanced Python automation skills (JSON/YAML processing, scripting).
  • Deep knowledge of Maven, NPM, Python packaging, with exposure to Helm, Terraform, and container image metadata.
  • Solid understanding of supply-chain security (SLSA, CycloneDX SBOM, digests).
  • Experience with SonarQube, Sonatype IQ, container and SAST scanning.
  • Proven track record in performance tuning (caching, parallelization, dependency pruning).
  • Awareness of compliance standards in security and software supply chain.

It is a strong plus if you have (optional):

  • Experience with artifact signing and attestations (cosign, OCI).
  • Patterns for publishing Terraform modules and Helm charts.
  • GitOps or release automation expertise.
  • Cloud experience with GCP or AWS.

Language Required for the role:
Fluent English proficiency.

Eligibility for the role:
Only candidates with an existing legal right to work in the European Union will be considered for this role.

#MAKEYourCareerBETTER
Interested? Apply now and include your CV (preferably in English) along with a statement confirming your consent to the processing and storage of your personal data.

Tech stack

  • English: B2
  • Groovy: advanced
  • CI/CD: advanced
  • Jenkins: advanced
  • Python: advanced
  • Supply Chain Security: advanced
  • DevSecOps: advanced
  • Maven: regular
  • SonarQube: regular
  • Container Security: regular
  • Cloud Platforms: nice to have

By applying, I consent to the processing of my personal data for the purpose of conducting the recruitment process. Please note that the data controller is ITDS, with its registered office in Warsaw, ul. Złota 59 (hereinafter the "controller"). You have the right to request...